Red Hat Bugzilla – Bug 1475072
CVE-2017-5361 rt: timing side-channel attack in secrets constant-time comparison algorithm
Last modified: 2017-07-25 21:36:41 EDT
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.
Created rt tracking bugs for this issue:
Affects: fedora-all [bug 1475084]